Chapter 4
Sitecore Security
What's in This Chapter?
Evaluating access rights and security inheritance
Applying access rights with the Security Editor
Examining access rights with the Access Viewer
Understanding security domains, accounts, profiles, and roles
Integrating and extending the Sitecore security model
Sitecore provides a comprehensive security infrastructure that you can use to secure any item in any Sitecore database. This model uses concepts familiar to security administrators experienced with Windows domains, New Technology File System (NTFS), and Access Control Lists. Concepts of the Sitecore security infrastructure include:
- Access rights
- Users
- User profiles
- Roles (groups)
- Domains
- Security inheritance
After reading this chapter, you will have a greater understanding of the purpose of each access right, as well as of how Sitecore evaluates rights and inheritance.
You can use a number of techniques to integrate Sitecore with external security systems. The Sitecore security model uses the provider pattern, which lets you plug in alternate implementations for each component of the model. Sitecore supplies default ASP.NET security providers for authentication, user profile management, and role management. Sitecore provides optional modules that enable you to use Microsoft Dynamics Customer Relationship Management (CRM) and Active Directory (AD) for authentication. You can replace the default providers with these or with custom provider implementations that access external ...
Get Professional Sitecore Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
